Smart Grid News

Smart grid cyber security needs critical improvements, McAfee says

Internet security company McAfee announced on July 18, 2012, that it has released a report discussing how smart grid leaders view the current state of energy security.

The report, titled "Getting Smarter About Smart Grid Cyberthreats," focuses on the vulnerability of legacy systems, and how security must be bolstered to lower the chances for a critical attack.

"Security needs to be built into grid components at the planning and design phase," said Tom Moore, vice president of Embedded Security at McAfee. "Because the grid relies heavily on embedded systems, it makes them ripe targets for intruders; thus it is imperative to integrate security solutions natively in these devices. McAfee is working with its partners in industry and government to make great strides on the technical front to mitigate the threats to these critical systems we all rely on."

The report highlighted the potential effects of an attack on the electrical power grid, which it described as the "backbone on which everything else depends on." In a single attack, a cyber criminal theoretically could bring an entire city to its knees by compromising a wide range of critical infrastructure and even smaller items, such as home appliances, heart monitors in hospitals and air defense systems.

The most common cyber security threat reported by members of the energy sector is extortion. When criminals exploit vulnerabilities and gain access to a utility's system, they often explain the damage that could be done, and demand a ransom before leaving the system. Other common attacks, the report found, include espionage and sabotage, data theft and shutting down facilities.

In the report, McAfee takes a close look at the factors that helped create a system of energy generation and distribution that is highly intelligent, but still extremely vulnerable to cyber attack. Utilities are going about grid modernization projects with the best of intentions, as the projects will result in more efficient operations, lower costs for consumers and the introduction of more renewable energy sources into the grid. These systems are, in fact, exactly what is creating a more vulnerable grid.

Currently, about 70 percent of America's power grid is more than 30 years old. With so many modernization projects on the horizon, the vulnerabilities are only expected to grow.

Automation, which will be at the forefront of many utilities' smart grid deployments, will entail transitioning systems away from manual processes and toward a system that is integrated with wireless technologies, allowing real-time data analysis. Smart grid technologies will also allow utility managers to communicate with field workers remotely, which, although it will result in much higher productivity, will also open up substations to threats from the outside world.

The interconnection of embedded systems will also pose many challenges for utilities, the report stated, and may be the most alarming cause of vulnerability. The spread of interconnected embedded software that will be used to direct the flow of energy will create new threats, as each of these intelligent electronic devices has a built-in computer with specific tasks. These devices are increasingly being built with off-the-shelf software rather than proprietary software, in turn making them more generic and vulnerable. This kind of software is the most targeted by cyber attackers.

SUBNET products, which help utilities collect, analyze and manage the huge amounts of data from these devices, are also designed to help utilities comply with strict NERC CIP standards, which were developed to help protect critical infrastructure from a wide range of cyber attacks.